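/*********************************************************************************
* A first attempt at CAN protocol analysis with tshark
* Notes:
* Using tshark to analyze CAN data. The protocol is supported, but it seems that
* CANopen cannot be dissected, and even for plain CAN data the data part is not
* displayed. I do not know the reason at the moment.
*
* 2018-2-5 Shenzhen, Bao'an, Xixiang, Zeng Jianfeng
********************************************************************************/

1. tshark help: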
[buildroot@root ~]# tshark -h
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 2.2. (wireshark-2.2.)
Dump and analyze network traffic.
See https://www.wireshark.org for more information.

Usage: tshark [options] ...

Capture interface:
-i <interface> name or idx of interface (def: first non-loopback)
-f <capture filter> packet filter in libpcap filter syntax
-s <snaplen> packet snapshot length (def: )
-p don't capture in promiscuous mode
-I capture in monitor mode, if available
-B <buffer size> size of kernel buffer (def: 2MB)
-y <link type> link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit
Capture stop conditions:
-c <packet count> stop after n packets (def: infinite)
-a <autostop cond.> ... duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Capture output:
-b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
filesize:NUM - switch to next file after NUM KB
files:NUM - ringbuffer: replace after NUM files
Input file:
-r <infile> set the filename to read from (- to read from stdin)
Processing:
- perform a two-pass analysis
-R <read filter> packet Read filter in Wireshark display filter syntax
-Y <display filter> packet displaY filter in Wireshark display filter
syntax
-n disable all name resolutions (def: all enabled)
-N <name resolve flags> enable specific name resolution(s): "mnNtCd"
-d <layer_type>==<selector>,<decode_as_protocol> ...
"Decode As", see the man page for details
Example: tcp.port==,http
-H <hosts file> read a list of entries from a hosts file, which will
then be written to a capture file. (Implies -W n)
--disable-protocol <proto_name>
disable dissection of proto_name
--enable-heuristic <short_name>
enable dissection of heuristic protocol
--disable-heuristic <short_name>
disable dissection of heuristic protocol
Output:
-w <outfile|-> write packets to a pcap-format file named "outfile"
(or to the standard output for "-")
-C <config profile> start with specified configuration profile
-F <output file type> set the output file type, default is pcapng
an empty "-F" option will list the file types
-V add output of packet tree (Packet Details)
-O <protocols> Only show packet details of these protocols, comma
separated
-P print packet summary even when writing to a file
-S <separator> the line separator to print between packets
-x add output of hex and ASCII dump (Packet Bytes)
-T pdml|ps|psml|json|ek|text|fields
format of text output (def: text)
-j <protocolfilter> protocols layers filter if -T ek|pdml|json selected,
(e.g. "http tcp ip",
-e <field> field to print if -Tfields selected (e.g. tcp.port,
_ws.col.Info)
this option can be repeated to print multiple fields
-E<fieldsoption>=<value> set options for output when -Tfields selected:
bom=y|n print a UTF- BOM
header=y|n switch headers on and off
separator=/t|/s|<char> select tab, space, printable character as separator
occurrence=f|l|a print first, last or all occurrences of each field
aggregator=,|/s|<char> select comma, space, printable character as
aggregator
quote=d|s|n select double, single, no quotes for values
-t a|ad|d|dd|e|r|u|ud output format of time stamps (def: r: rel. to first)
-u s|hms output format of seconds (def: s: seconds)
-l flush standard output after each packet
-q be more quiet on stdout (e.g. when using statistics)
-Q only log true errors to stderr (quieter than -q)
-g enable group read access on the output file(s)
-W n Save extra information in the file, if supported.
n = write network address resolution information
-X <key>:<value> eXtension options, see the man page for details
-U tap_name PDUs export mode, see the man page for details
-z <statistics> various statistics, see the man page for details
--capture-comment <comment>
add a capture comment to the newly created
output file (only for pcapng)
Miscellaneous:
-h display this help and exit
-v display version info and exit
-o <name>:<value> ... override preference setting
-K <keytab> keytab file to use for kerberos decryption
-G [report] dump one of several available reports and exit
default report="fields"
use "-G ?" for more help

WARNING: dumpcap will enable kernel BPF JIT compiler if available.
You might want to reset it
By doing "echo 0 > /proc/sys/net/core/bpf_jit_enable"
[buildroot@root ~]#

2. Listing the protocols tshark supports:
tshark -G protocols

3. vcan setup:
sudo ip link add dev vcan0 type vcan
sudo ip link set up vcan0
candump vcan0
canopend vcan0 -i -s od4_storage -a od4_storage_auto

4. Listing tshark capture interfaces:
[buildroot@root ~]# sudo tshark -D
Running as user "root" and group "root". This could be dangerous.
. eth0
. vcan0
. any
. lo (Loopback)
. usbmon1
. usbmon2
. usbmon3
. randpkt (Random packet generator)
[buildroot@root ~]#

5. Capturing on vcan with tshark:
[buildroot@root ~]# tshark -i vcan0
Running as user "root" and group "root". This could be dangerous.
Capturing on 'vcan0'
device vcan0 entered promiscuous mode
0.000000000 ? CAN STD: 0x00000704 7f
0.000023000 ? CAN STD: 0x00000704 7f
1.001414667 ? CAN STD: 0x00000704 7f
1.001437667 ? CAN STD: 0x00000704 7f
2.001844334 ? CAN STD: 0x00000704 7f
2.001867334 ? CAN STD: 0x00000704 7f
3.002829334 ? CAN STD: 0x00000704 7f
3.002850334 ? CAN STD: 0x00000704 7f

6. Dissecting the CAN protocol on vcan with tshark:
[buildroot@root ~]# tshark -i vcan0 -O can
Running as user "root" and group "root". This could be dangerous.
Capturing on 'vcan0'
device vcan0 entered promiscuous mode
Frame : bytes on wire ( bits), bytes captured ( bits) on interface
Linux cooked capture
Controller Area Network
... = Identifier: 0x00000704
... .... .... .... .... .... .... .... = Extended Flag: False
... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False
... .... .... .... .... .... .... .... = Error Flag: False
Frame-Length:
Data ( byte)

Frame : bytes on wire ( bits), bytes captured ( bits) on interface
Linux cooked capture
Controller Area Network
... = Identifier: 0x00000704
... .... .... .... .... .... .... .... = Extended Flag: False
... .... .... .... .... .... .... .... = Remote Transmission Request Flag: False
... .... .... .... .... .... .... .... = Error Flag: False
Frame-Length:
Data ( byte)
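
Added example (not part of the original post): the `tshark -i vcan0` summary lines above already carry the identifier and the payload byte, so the CANopen meaning can be recovered without a CANopen dissector. This Python sketch splits the 11-bit COB-ID into function code and node ID according to the CANopen predefined connection set and names the heartbeat state. It assumes the summary-line layout shown on this page; the function names are hypothetical and two of the sample lines are constructed.

```python
import re

# Line 1 is copied from the capture on this page; lines 2-3 are constructed.
SAMPLE = """\
0.000000000 ? CAN STD: 0x00000704 7f
2.500000000 ? CAN STD: 0x00000704 05
3.000000000 ? CAN STD: 0x00000184 01 02
"""

# CANopen predefined connection set: COB-ID = (function code << 7) | node ID.
FUNCTIONS = {0x0: "NMT", 0x1: "SYNC/EMCY", 0x2: "TIME", 0x3: "TPDO1",
             0x4: "RPDO1", 0x5: "TPDO2", 0x6: "RPDO2", 0x7: "TPDO3",
             0x8: "RPDO3", 0x9: "TPDO4", 0xA: "RPDO4", 0xB: "SDO response",
             0xC: "SDO request", 0xE: "NMT error control (heartbeat)"}
NMT_STATES = {0x00: "boot-up", 0x04: "stopped", 0x05: "operational",
              0x7F: "pre-operational"}

# Summary-line layout as it appears on this page: time, "CAN <kind>:", ID, data.
LINE = re.compile(r"^\s*(\d+\.\d+).*?\bCAN\s+(\w+):\s+0x([0-9a-fA-F]+)"
                  r"((?:\s+[0-9a-fA-F]{2})*)\s*$")

def decode_line(line):
    """Return a dict describing one summary line, or None if it is not CAN."""
    m = LINE.match(line)
    if not m:
        return None
    can_id, data = int(m.group(3), 16), bytes.fromhex(m.group(4))
    frame = {"time": float(m.group(1)), "id": can_id, "data": data,
             "function": None, "node": None, "state": None}
    if m.group(2) != "STD" or can_id > 0x7FF:
        return frame                      # not an 11-bit CANopen COB-ID
    frame["function"] = FUNCTIONS.get(can_id >> 7, "reserved")
    frame["node"] = can_id & 0x7F
    if can_id >> 7 == 0xE and len(data) == 1:
        state = data[0] & 0x7F            # bit 7 is the node-guarding toggle
        frame["state"] = NMT_STATES.get(state, "unknown 0x%02x" % state)
    return frame

def state_changes(text):
    """List (time, node, state) each time a node reports a new NMT state."""
    last, changes = {}, []
    for f in filter(None, map(decode_line, text.splitlines())):
        if f["state"] and last.get(f["node"]) != f["state"]:
            last[f["node"]] = f["state"]
            changes.append((f["time"], f["node"], f["state"]))
    return changes

if __name__ == "__main__":
    print(state_changes(SAMPLE))
```

Read this way, the repeated `0x00000704 7f` frames in the capture are heartbeats from node 4 reporting the pre-operational state.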
